[talks] Annie Liu will present her General Exam on May 13, 2015 at 3pm in CS 302.

Nicki Gotsis ngotsis at CS.Princeton.EDU
Tue May 5 16:33:42 EDT 2015


Annie Liu will present her General Exam on May 13, 2015 at 3pm in CS 302.  

The members of her committee are Mike Freedman (adviser), Nick Feamster, and Ed Felten.
 
Everyone is invited to attend her talk, and those faculty wishing to remain for the oral exam following are welcome to do so.  Her abstract and reading list follow below.

Abstract

Modern web applications handle user-specific, often sensitive,
information. Unfortunately, protecting user data is notoriously
difficult today---web frameworks do not provide a way for declaring
and enforcing application-specific security policies. In response,
developers often specify and enforce security policy in an ad-hoc
fashion. Recent headlines alone serve to highlight that this is not
working---web applications are plagued by privacy leaks. To solve the
problem, we present ESpectro, a new framework for building least-privileged
Node.js applications. ESpectro provides developers with libraries for
compartmentalizing applications and declaring high-level security
policies. ESpectro then enforces these policies on application code by
employing application-level virtualization. By analyzing a blog web
application,
I will show how Espectro will change the programming model of developers and
how it will help preventing privacy leakage.


Reading list
 
>> A Decentralized Model for IFC. Andrew Myers, Barbara Liskov SOSP'97
>>
>> Secure Web Applications via Automatic Partitioning. Stephen Chong, et
>> al. SOSP'07
>>
>> TaintDroid: An Information-Flow Tracking System for Realtime Privacy
>> Monitoring on Smartphones. William Enck, et al. OSDI'10
>>
>> Automating Isolation and Least Privilege in Web Services. Aaron
>> Blankstein, Michael J. Freedman. SP'14
>>
>> Hails: Protecting Data Privacy in Untrusted Web Applications. Daniel B.
>> Giffin, et al. OSDI'12
>>
>> Protecting Users by Confining JavaScript with COWL. Deian Stefan, et al.
>> OSDI'14
>>
>> Authentication in the Taos operating system. Edward Wobber, et al.
>> Transactions on Computer Systems, 1994.
>>
>> Nexus: An Operating System for Trustworthy Computing. Alan Shieh, et al.
>> SOSP'05
>>
>> Traps and Pitfalls: Practical Problem in System Call Interposition Based
>> Security Tools. Tal Garfinkel. Network and Distributed Systems Security
>> Symposium, 2003.
>>
>> Security Engineering, Ross Anderson
>> (http://www.cl.cam.ac.uk/~rja14/book.html)
>> ***********************


More information about the talks mailing list